This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
Removing the notability warning badge. This article seems fine to me, at a start. SCEP is supported by every iPhone, so fairly broadly applicable to the modern world. DouglasHeld (talk) 18:27, 8 April 2011 (UTC)
According to http://www.kb.cert.org/vuls/id/971035 even the SCEP RFC encourages the use of CMP/CMS/CMC over SCEP. Also there are many warnings about using SCEP with MDM systems on the internet. I don't think the security issues are clearly stated here.
Some more resources:
-- Dveeden (talk) 09:16, 2 July 2014 (UTC)
The SCEP "vulnerability" mentioned in this article is bollocks, it was created by CSS to sell their expensive patent-pending "SCEP Validation Service". What their advisory in effect says is that if a CA blindly signs whatever comes in in a SCEP request then there's a privesc vulnerability. That's a bit like saying that if the State Department blindly issues passports without checking that the paperwork is valid, there's a bit of a security problem. Oh, and we have an expensive enterprise-grade service we'll sell you to fix this. Should this piece of marketing PR be part of a Wikipedia article?
806f0F (talk) 06:26, 28 March 2015 (UTC)
The "implementations" section was removed a while back on the basis of it being spam (since, I guess, some of the implementations are commercial?). I think it was useful information to include in this article, and did not appear to be being used for advertising. — Preceding unsigned comment added by 198.151.161.131 (talk) 21:07, 15 April 2019 (UTC)
Currently in the article: "Due to the use of the self-signed PKCS#10 format for Certificate Signing Requests (CSR), certificates can be enrolled only for keys that support signing."
What would be the possible use case for a non-signing public key in a certificate, is there even such a thing? No such criticism was talked about during the very lengthy standardization process. JidGom (talk) 10:32, 31 May 2021 (UTC)
Of note: Xiaoyi Liu of Cisco was a listed author of both the CMC and SCEP first drafts. It seems that the lack of adoption of CMC led major actors (most notably Cisco and Microsoft at the time) to favor the simpler SCEP and try to formally standardize it instead of keeping it a de facto standard, before Cisco jumped ship to push for EST in the late 2000s. JidGom (talk) 13:43, 1 June 2021 (UTC)
The opening part of this article could do with a compact summary of how SCEP works. Something like this: SCEP is an authenticated, HTTP-based protocol for downloading a client certificate from a CA. — Preceding unsigned comment added by 60.241.24.90 (talk) 03:49, 3 November 2022 (UTC)